Friday, February 22, 2013

I added 404-caching to lophttpd, in the hope that it will result in overall speedup if a lot of clients try to fetch non-existing files (favicon.ico etc.). The key for the cache is the first line that is sent, so once we see this request again, we don't need to parse the entire header, decode the pathname and stat() it before we send the error reply. Good, eh?
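The 404 cache described above, as an added example in C++ that is not lophttpd's own code. The class and function names, the entry cap, the key-length limit and the TTL are assumptions, included because the key is client-controlled and a cached 404 goes stale once the file is created.

```cpp
#include <cstddef>
#include <ctime>
#include <list>
#include <string>
#include <unordered_map>

// Hypothetical helper: the cache key is the raw first line of the request.
std::string request_line(const std::string &raw) {
    return raw.substr(0, raw.find("\r\n"));
}

// Hypothetical bounded negative cache (names are not lophttpd's).
class NotFoundCache {
    struct Entry { std::string key; time_t expires; };
    std::list<Entry> lru_;   // front = most recently used
    std::unordered_map<std::string, std::list<Entry>::iterator> idx_;
    size_t max_entries_, max_key_;
    time_t ttl_;
public:
    NotFoundCache(size_t max_entries, size_t max_key, time_t ttl)
        : max_entries_(max_entries), max_key_(max_key), ttl_(ttl) {}

    // Record a 404 after the slow path (parse, decode, stat()) failed.
    void insert(const std::string &key, time_t now) {
        if (key.size() > max_key_ || max_entries_ == 0) return; // oversized keys are never cached
        auto it = idx_.find(key);
        if (it != idx_.end()) { lru_.erase(it->second); idx_.erase(it); }
        if (lru_.size() >= max_entries_) {           // full: evict least recently used
            idx_.erase(lru_.back().key);
            lru_.pop_back();
        }
        lru_.push_front({key, now + ttl_});
        idx_[key] = lru_.begin();
    }

    // True: send the 404 immediately. False: take the slow path.
    bool hit(const std::string &key, time_t now) {
        auto it = idx_.find(key);
        if (it == idx_.end()) return false;
        if (it->second->expires <= now) {            // stale: the file may exist by now
            lru_.erase(it->second);
            idx_.erase(it);
            return false;
        }
        lru_.splice(lru_.begin(), lru_, it->second); // refresh LRU position
        return true;
    }
    size_t size() const { return lru_.size(); }
};
```

Without the entry cap and key-length limit, a client sending many distinct request lines for non-existing paths would grow the cache without bound.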

Thursday, February 14, 2013

Anyone can give your finger by spoofing DBUS signals to pam_fprintd, effectively bypassing fprintd authentication. Tested with fprintd 0.41. darklena is the PoC and the authors have been informed. It's probably about time to check dbus-glib usage or usage of DBUS signals in privileged code in general. [Update:] successfully tested on a vanilla FC16 setup with fprintd installed from repository and SELinux target config left as-is: